New postby bbab84 on Wed Sep 24, 2008 11:46 amI'm only one day into this and now I'm stuck on 5. This is where I stand...I used the JS Inj. from this site http://nexodyne.com/archive/index.php?t-14736.html and changed the email address. After I send the pw to Sam, I just get a message saying it was successful. After reading everyone's posts, it looks like all I really have to do is copy and paste the JS in my URL. The problem is, I don't know which line from the source goes in the URL bar. If I knew that, I could figure it out. To me, it sounds like there's more than one way to complete this one. It also says in the instructions that I can use Firefox, which I already use. I also have Firebug...will that help at all? Any info would be much obliged.

Just read through it and make sure you know whats going on. In your link it talks about void and alert use them both to your advantage. So say you modified a field then make an alert after it so you can see the change that you made. Try out the js injections in that page on that page and check out what they do. Do an alert first so you can see what the default fields are and then add the Authorized=yes field one and an alert after wards so you can see if you did it right.

New postby bbab84 on Thu Sep 25, 2008 1:16 pmSomething still isn't right. This is what I did:<input type=alert(document.forms[0].to.value)><void(document.cookie="Authorized=yes")><alert(document.forms[0].to.value)>

This is what I got out of what you told me, but I don't think it's right since nothing has changed. I know I'm missing something, but what?

Ok lets take a look at what you did here

<input type=alert(document.forms[0].to.value)>

You made an alert box pop up with information from forms[0]

<void(document.cookie="Authorized=yes")>

You made a field "Authorized=yes" in the cookies which isn't really used in the first place you find that out with alert prior to adding the field

<alert(document.forms[0].to.value)>

You made the alert box pop up a second time but still nothing was changed because you did not modify this field to start off with

Alright so basically you didn't change the e-mail all you did was make an alert box pop up showing you the information in forms[0] and then you added the field "Authorized=yes" into your cookie which has nothing to do with the e-mail field. Just think about it carefully and learn the difference of what the functions do (void = modifies, adds fields while alert just shows you the information). Read through the JS Injection link one last time and read carefully it pretty much tells you how to accomplish this mission. GL getting it and if you need anymore help just PM me.

Do you need to change that? If so, Which part?The name is your friend, in this input. We would use this to acquire control over the field and its contents. Now, have you read up on Inline Javascript? And how you can change values with it?

New postby bbab84 on Thu Sep 25, 2008 1:16 pmSomething still isn't right. This is what I did:<input type=alert(document.forms[0].to.value)><void(document.cookie="Authorized=yes")><alert(document.forms[0].to.value)>

This is what I got out of what you told me, but I don't think it's right since nothing has changed. I know I'm missing something, but what?

Ok lets take a look at what you did here

<input type=alert(document.forms[0].to.value)>

You made an alert box pop up with information from forms[0]

<void(document.cookie="Authorized=yes")>

You made a field "Authorized=yes" in the cookies which isn't really used in the first place you find that out with alert prior to adding the field

<alert(document.forms[0].to.value)>

You made the alert box pop up a second time but still nothing was changed because you did not modify this field to start off with

Alright so basically you didn't change the e-mail all you did was make an alert box pop up showing you the information in forms[0] and then you added the field "Authorized=yes" into your cookie which has nothing to do with the e-mail field. Just think about it carefully and learn the difference of what the functions do (void = modifies, adds fields while alert just shows you the information). Read through the JS Injection link one last time and read carefully it pretty much tells you how to accomplish this mission. GL getting it and if you need anymore help just PM me.

Okay, so I got rid of everything I modified and started over. Now I get a 'Referrer code error', which I had already fixed in the first place, but I can't remember how I did it. I'm getting really frustrated because I keep going through trial and error and keep f***ing it up even more. But even if I get the referrer right, I still can't get the pw, only that it's been sent 'successfully'- which is bullshit, by the way, because if it were successful, I'd fricken have it by now!!! If I see you online, I'll pm you. But I really want to do this on my own...You know, 'Teach a (wo)man to fish...' blah, blah, blah.

I'm completely baffled. I tried some basic javascript injections in Firefox 3 beta 5 (running in Ubuntu Hardy), and it just doesn't seem to be supported. For now I'm just trying to get it to echo some on-screen alerts, stuff like:

javascript:alert('Hello');

and nothing, flat-out -nothing- happens when I hit enter. The browser just sits there. I've checked half a dozen times to make sure I have javascript enabled and working.

Konquerer is no better. It actually brings up an error box telling me "protocol not supported: javascript". Wha..!? Again, I know JS is enabled in the browser. Can anyone give me a clue what else to check? I have no idea where to go from here.

Hi everyone... I'm sure i did right with the Javascript injection... i get the feeling it's supposed to be like Mission 4 but i keep getting errors regarding Referals which i do not understand at this time... I'm running a Firefox ver 3.1 and also tried Internet Explorer... And obviously Javascripts are checked, and i'm aware Java and Javascripts are different. please help me with this referal thingy. I'm sure i'm supposed to be given the password by now.

EDIT: it seems a lot of learners are having problems with this mission... Am i missing something? I really don't have any idea... This referal thing is pissing me off. the guy who posted a link about Javascripts helps a lot but i really can't get any password. I know i'm doing it right and i know Javascript Injection is NOT a URL...